RestComm / restcomm-identity

GNU Affero General Public License v3.0

Showcase user management operations using external application #30

Open otsakir opened 8 years ago

otsakir commented 8 years ago

We need to be able to create, retrieve, remove (?) Keycloak users using an external application. The existing identity-proxy application can be used to get some ideas.

otsakir commented 8 years ago

Seems like the best path is the following:

1. Create a separate Keycloak confidential client. Set "Service Account Enable" -> ON. In the "Service Account Roles" tab, add the realm-management:manage-users role. I named it 'helper'.

2. Get a Bearer token using the 'client credentials grant' method. For example:

# The Basic credential is base64("helper:<client secret>"), computed inline.
curl -i -X POST \
   -H "Content-Type: application/x-www-form-urlencoded" \
   -H "Authorization: Basic $(printf '%s' 'helper:client_passwordhere' | base64)" \
   -d "grant_type=client_credentials" \
   'https://authserver/auth/realms/restcomm/protocol/openid-connect/token'

3. Create the new user:

curl -v https://authserver/auth/admin/realms/restcomm/users --header 'Authorization: Bearer .....' --header 'Content-Type: application/json' --request POST --data '{"username":"foouser","enabled":true}'

This will return a Location header that contains the user id, like the following: Location: https://identity.restcomm.com/auth/admin/realms/restcomm/users/USERID

4. Reset the password for the newly created user:

curl -v https://authserver/auth/admin/realms/restcomm/users/USERID/reset-password --header 'Authorization: Bearer .....' --header 'Content-Type: application/json' --request PUT --data '{"type":"password","value":"foopassword","temporary":false}'

Steps 3 & 4 didn't work together. They had to be done separately.
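Steps 2 to 4 of the comment above chained into one script, as an added example that is not part of the original issue or the project's code. The function names and the `KC_CLIENT_SECRET` and `NEW_PASSWORD` environment variables are assumptions; curl options are fed on stdin with `-K -` so the client secret, bearer token and password do not appear in the process list.

```shell
#!/bin/sh
# Added example, not from the issue: steps 2-4 as one POSIX sh script.
# Assumed env vars: KC_CLIENT_SECRET (secret of the 'helper' client) and
# NEW_PASSWORD. Secret, username and password must not contain '"' or '\'.
BASE='https://authserver/auth'   # host and realm as written in the comment
REALM='restcomm'

# Step 2 helper: pull access_token out of the token endpoint's JSON reply.
token_from_json() {
  sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Step 3 helper: take the user id from the Location header of the reply.
# Header names are case-insensitive and header lines end in CRLF.
user_id_from_headers() {
  tr -d '\r' | sed -n 's|^[Ll]ocation:.*/users/\([^/ ]*\)$|\1|p'
}

# Client credentials grant; curl reads its options from stdin (-K -).
get_token() {
  printf 'user = "helper:%s"\ndata = "grant_type=client_credentials"\n' \
    "$KC_CLIENT_SECRET" |
    curl -sS --fail -K - "$BASE/realms/$REALM/protocol/openid-connect/token" |
    token_from_json
}

# admin TOKEN METHOD PATH JSON: one admin REST call, response headers on stdout.
admin() {
  body=$(printf '%s' "$4" | sed 's/[\\"]/\\&/g')   # escape for curl config quoting
  printf 'header = "Authorization: Bearer %s"\nheader = "Content-Type: application/json"\nrequest = "%s"\ndata = "%s"\n' \
    "$1" "$2" "$body" |
    curl -sS --fail -o /dev/null -D - -K - "$BASE/admin/realms/$REALM$3"
}

provision_user() {  # provision_user USERNAME -> prints the new user id
  token=$(get_token) && [ -n "$token" ] || { echo 'no token' >&2; return 1; }
  uid=$(admin "$token" POST /users \
    "{\"username\":\"$1\",\"enabled\":true}" | user_id_from_headers)
  [ -n "$uid" ] || { echo 'no user id in Location header' >&2; return 1; }
  # Separate request: the comment notes steps 3 and 4 could not be combined.
  admin "$token" PUT "/users/$uid/reset-password" \
    "{\"type\":\"password\",\"value\":\"$NEW_PASSWORD\",\"temporary\":false}" >/dev/null || return 1
  echo "$uid"
}

if [ "$#" -eq 1 ]; then provision_user "$1"; fi
```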